Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------

What I'm doing is having PayPal send the person donating back to the page like this: donate.php?do=thankyou.

Unfortunately whenever I go to donate.php?do=thankyou with any type of POST (which PayPal uses) it still gives me an invalid token notification. Do I even need to worry about CSRF protection on my donations page if all the content I'm putting on there is my own? Should I just turn it off (tested and it works off). Or am I just doing something stupid that I can fix in a half-a-second?